2011-07-01

Heading Off Hackers

[Diálogo Illustration]

Kenneth Geers / U.S. Naval Criminal Investigative Service

The internet has changed almost all aspects of human life, including warfare.
Every political and military conflict now has a cyber dimension, whose size and
impact are difficult to predict. Computers and computer networks have provided a new
delivery mechanism that can increase the speed, diffusion and significance of a
national security threat. The constant evolution of information technology tends to
leave both cyber law and cyber defense racing to keep up.

What military officers refer to as the “battlespace” grows more difficult to
define and defend over time. Today, cyber attacks can target political leadership,
military systems and citizens anywhere in the world, during peacetime or war, with
the added challenge of attacker anonymity.

Cyberspace as a war-fighting domain currently favors the attacker, in
contrast to the historical understanding of warfare, in which the defender normally
enjoys a significant home field advantage. Further, the terrestrial proximity of
adversaries is unimportant because in cyberspace, everyone is a next-door neighbor.
There is also little moral inhibition to computer hacking, because it deals
primarily with the use and abuse of computer code, so there is little perceived
human suffering.

In spite of these advantages for the attacker, many analysts remain skeptical
of the seriousness of the cyber threat. In part, this is because a real-world
outcome is not guaranteed. In cyber warfare, tactical victories amount to a
successful reshuffling of the bits — also known as ones and zeros — inside a
computer. At that point, the attacker must wait to see if the intended real-world
effects occur.

Types of cyber attacks

Mohammed Mahmoud, a militant with the Global Islamic Media Front, is led
into a courtroom in Vienna in August 2009. He was sentenced to four years behind
bars for being a member of a terrorist organization and producing an Islamist
threat video distributed on the internet. [Agence France-Presse]

A man walks inside the Pionen White Mountain data center, the high-security
computer storage facility of Swedish internet service provider Bahnhof in
Stockholm. The data center, once a Cold War era nuclear bunker, is one of the
most protected in the world. [Agence France-Presse]

There are three basic types of cyber attack, from which all others
derive:

Confidentiality — This encompasses any unauthorized acquisition of
information, including via “traffic analysis,” in which an attacker infers
communication content merely by observing communication patterns. Because global
network connectivity is currently well ahead of global network security, it can be
easy for hackers to steal enormous amounts of information.
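The traffic-analysis point above is easiest to see in code. What follows is an added example written for this edition of the page, not code from the article or its author: a passive observer who sees only the sizes of encrypted responses matches them against a catalogue of page "fingerprints" measured in advance, and recovers which page was fetched without decrypting a single byte. The page catalogue, the flow records and the tolerance value are constructed for illustration.

```python
"""Traffic analysis: infer which page a client fetched over an encrypted
channel from nothing but the observed transfer sizes.

Added example, not part of the original article. The fingerprint catalogue
and the captured flow records below are constructed for illustration.
"""

# Constructed fingerprint catalogue: sizes (bytes) of the encrypted responses
# the observer measured beforehand by fetching each public page himself.
# Each page is a sequence of objects (HTML, images, attachments) in fetch order.
PAGE_FINGERPRINTS = {
    "/index.html": [4120, 18330, 2210],
    "/login": [3105],
    "/reports/quarterly.pdf": [3105, 204800, 1980],
    "/contact": [4120, 980],
}

# Constructed flow records as seen on the wire: (timestamp, src, dst,
# bytes from server to client). Payload is encrypted; only size and timing
# are visible to the observer.
OBSERVED_FLOWS = [
    (1.00, "10.0.0.5", "203.0.113.7", 3105),
    (1.20, "10.0.0.5", "203.0.113.7", 204800),
    (1.45, "10.0.0.5", "203.0.113.7", 1980),
]

# Assumed slack for TLS record framing and padding differences between the
# observer's own measurement and the victim's session.
TLS_OVERHEAD_TOLERANCE = 64


def _sizes_match(observed, expected, tol=TLS_OVERHEAD_TOLERANCE):
    """True if every observed object size is within tol bytes of the fingerprint."""
    if len(observed) != len(expected):
        return False
    return all(abs(o - e) <= tol for o, e in zip(observed, expected))


def classify_session(flows, fingerprints=PAGE_FINGERPRINTS):
    """Return the page whose fingerprint matches the observed sizes.

    Flows are ordered by timestamp so the object sequence is preserved.
    Returns None when no fingerprint matches or when more than one does
    (an ambiguous result is not a confident inference).
    """
    sizes = [n_bytes for _, _, _, n_bytes in sorted(flows)]
    candidates = [page for page, fp in fingerprints.items()
                  if _sizes_match(sizes, fp)]
    return candidates[0] if len(candidates) == 1 else None


if __name__ == "__main__":
    print("Observed sizes:", [n for *_, n in sorted(OBSERVED_FLOWS)])
    print("Inferred page:", classify_session(OBSERVED_FLOWS))
```

The defensive lesson is that confidentiality of the payload is not confidentiality of the communication: object count, size and timing leak through encryption, and a realistic defence has to pad or batch responses so that distinct pages stop having distinct size sequences.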

Cyber terrorism and cyber warfare may still lie in our future, but we are
already living in a golden age of cyber espionage. The most famous case to date is
“GhostNet,” investigated by Information Warfare Monitor, in which a cyber espionage
network of more than 1,000 compromised computers in 103 countries targeted
diplomatic, political, economic and military information.

Integrity — This is the unauthorized modification of information or
information resources, such as a database. Such attacks can involve the sabotage of
data for criminal, political or military purposes. Cyber criminals have encrypted
data on a victim’s hard drive, and then demanded a ransom payment in exchange for
the decryption key.

Availability — The goal here is to prevent authorized users from
gaining access to the systems or data they require to perform certain tasks. This is
commonly referred to as a denial of service (DoS), and encompasses a wide range of
malware, network traffic or physical attacks on computers, databases and the
networks that connect them.

In 2000, “Mafiaboy,” a 15-year-old student from Montreal, conducted a
successful DoS attack against some of the world’s biggest online companies, likely
causing more than $1 billion in financial damage. In 2007, Syrian air defense was
reportedly disabled by a cyber attack moments before the Israeli Air Force
demolished an alleged Syrian nuclear reactor.

Hacker goals

A cyber attack is not an end in itself, but an extraordinary means to a wide
variety of ends, limited primarily by the imagination of the attacker.

Espionage — Every day, anonymous computer hackers steal vast quantities
of computer data and network communications. In fact, it is possible to conduct
devastating intelligence-gathering operations, even on highly sensitive political
and military correspondence, remotely from anywhere in the world.

Propaganda — Cheap and effective, this is often the easiest and most
powerful form of attack. Digital information in text or image format, regardless of
whether it is true, can be instantly copied and sent anywhere in the world, even
deep behind enemy lines.

Denial of service — The simple goal is to deny the use of data or
computers to legitimate users. The most common tactic is to flood the target with so
much superfluous data that it cannot respond to real requests for services or
information. Other DoS attacks include the physical destruction of computer hardware
and use of electromagnetic interference designed to destroy unshielded electronics
via current or voltage surges.
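The flooding tactic described here, and the availability attack category above, look like this from the defender's side. The following is an added example, not code from the article or its author: a small detector that reads connection-log lines and flags any source that opens hundreds of TCP connections per second without ever completing the handshake, the signature of a SYN flood. The log format, the addresses and the thresholds are constructed or assumed for the example.

```python
"""Detect a flooding denial-of-service attack from connection logs.

Added example, not part of the original article. The log lines are
constructed in a simple 'timestamp src dst:port flags' format and are not
taken from any real device.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) (?P<src>[\d.]+) (?P<dst>[\d.]+):(?P<port>\d+) (?P<flags>[A-Z|]+)$"
)


def build_sample_log():
    """Constructed log: two normal clients that complete their handshakes,
    and one source (192.0.2.99) firing 300 SYNs per second for two seconds
    without ever sending the final ACK."""
    lines = []
    t = 1309500000.0
    for i in range(4):
        lines.append(f"{t + i:.3f} 198.51.100.10 203.0.113.7:443 SYN")
        lines.append(f"{t + i + 0.05:.3f} 198.51.100.10 203.0.113.7:443 ACK")
    for i in range(3):
        lines.append(f"{t + i:.3f} 198.51.100.11 203.0.113.7:443 SYN")
        lines.append(f"{t + i + 0.05:.3f} 198.51.100.11 203.0.113.7:443 ACK")
    for i in range(600):
        lines.append(f"{t + i / 300:.3f} 192.0.2.99 203.0.113.7:443 SYN")
    return lines


def parse(lines):
    """Yield (timestamp, source, flag set) for each well-formed line; skip junk."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield float(m["ts"]), m["src"], set(m["flags"].split("|"))


def syn_flood_sources(lines, syn_per_sec=100, min_ratio=5.0):
    """Return [(window, src, syn_count)] for sources that look like flooders.

    Per one-second window and source, count SYNs and ACKs. A legitimate
    client sends roughly one ACK per SYN; a flooder sends many SYNs and
    (almost) no ACKs, leaving half-open connections that exhaust the server.
    Both thresholds are assumed values a defender would tune to their traffic.
    """
    syn = defaultdict(int)
    ack = defaultdict(int)
    for ts, src, flags in parse(lines):
        key = (int(ts), src)
        if "SYN" in flags:
            syn[key] += 1
        if "ACK" in flags:
            ack[key] += 1

    flagged = []
    for (window, src), n_syn in sorted(syn.items()):
        ratio = n_syn / (ack[(window, src)] + 1)  # +1 avoids division by zero
        if n_syn >= syn_per_sec and ratio >= min_ratio:
            flagged.append((window, src, n_syn))
    return flagged


if __name__ == "__main__":
    for window, src, n in syn_flood_sources(build_sample_log()):
        print(f"window {window}: {src} sent {n} SYNs with no completed handshakes")
```

The ratio check matters as much as the raw count: a busy but legitimate proxy can also open many connections per second, but it completes them, whereas the flood never does.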

Data modification — A successful attack on the integrity of sensitive
data can mean that legitimate users (human or machine) will make important decisions
based on maliciously altered information. Such attacks range from website
defacement, often referred to as “electronic graffiti” but still capable of
carrying propaganda or misinformation, to the corruption of advanced weapons systems.

Infrastructure manipulation — National critical infrastructures (CI)
are increasingly connected to the internet. However, because control systems must
respond in real time, and the associated hardware often has too little computing
capacity for strong security controls, CI security may not be robust. The management
of electricity could be especially important for national security planners to
evaluate, because electricity has no substitute and all other infrastructures depend
on it. Many CI are also in private hands.

Cyber attacks in war

The tactics of war are radically different in cyberspace, and if there is a
war between major world powers, the first victim of the conflict could be the
internet itself. Two broad categories of cyber attacks can exist during a major
war:

Military forces — The attacks can be conducted as part of a broader
effort to disable the adversary’s weaponry and to disrupt military
command-and-control systems.

Civilian infrastructure — These can target the adversary’s ability and
willingness to wage war for extended periods, and may include an adversary’s
financial sector, industry and national morale. One of the most effective ways to
undermine a variety of these second-tier targets is to disrupt power generation and
supply. Today, militaries can exploit global connectivity to conduct a full range of
cyber attacks against adversary CI, deep behind the front lines of
battle.

Looking to the future

The internet has changed the nature of warfare. Computers are both a weapon
and a target. As with terrorism, hackers have found success in pure media hype. And
as with weapons of mass destruction, it is difficult to retaliate against an
asymmetric attack.

On balance, cyber warfare may favor nations robust in IT, but the internet is
a prodigious weapon for a weaker party to attack a stronger conventional foe.
Internet-dependent nations have more to lose when the network goes down.

From a defensive standpoint, nations should invest in technologies that
mitigate two key hacker advantages: poor attacker attribution and a high level of
asymmetry. The often anonymous nature of computer hacking and its very high return
on investment can prevent traditional risk mitigation, such as deterrence and arms
control.

At this point in history, many governments may feel compelled to invest in
cyber warfare, not only as a way to project national power but as the only means to
defend their presence in cyberspace.

Kenneth Geers, Naval Criminal Investigative Service, is the U.S.
Representative to the NATO Cooperative Cyber Defence Centre of Excellence
(CCDCOE). To learn more about the NATO CCDCOE, visit www.ccdcoe.org.

Cyber Security in the Americas

Latin America and the Caribbean have been preparing for cyber attacks for
more than a decade, thanks to the Organization of American States (OAS) and
investments by countries with high internet usage. The OAS Secretariat of the
Inter-American Committee against Terrorism (CICTE) has conducted regular technical
assistance missions and workshops throughout the region since 2004, visiting Peru,
the Dominican Republic, Colombia, Ecuador, Guatemala and other nations in 2010 and
2011. The purpose of the missions is to raise awareness about cyber security and
develop a national Computer Security Incident Response Team (CSIRT) in each country.
The CSIRTs feed into a hemisphere-wide network for detecting and alerting cyber
security-related crises, incidents and threats, and helping national law enforcement
prosecute cyber criminals.

“It is imperative to expose the necessity of educating the final user, and
the necessity of articulation and cooperation, externally and internally, between
national actors in charge of managing cyber space threats,” wrote Omar J. Alvarado,
general coordinator of the CSIRT of Venezuela (VenCERT), in a June 2010 OAS
newsletter. “Each time there are more CERTs [Computer Emergency Response Teams] in
the world which look to cooperate and join forces to attempt to contain cyber
security threats.”

The OAS counts 15 CSIRT programs established in member states across the
hemisphere, and all members participated in the Hemispheric Cyber Security and Cyber
Crime Workshop on Regional Coordination and Information Sharing held May 9-13, 2011,
in Miami.

Brazil went a step further in September 2010 when the Army’s Cyberwarfare
Communication Center contracted a private security firm to provide additional
protection to 37,500 computers belonging to the Army’s military commands around the
country. “We have approximately 60,000 computers throughout the country, and we
suffer an average of 100 intrusion attempts each day across our 12 IT centers,” said
Brigadier General Antonino dos Santos Guerra in an interview with Security Week.
Brazilian Army operational agents will also undergo training as part of the
agreement.